OSDI 2000 Abstract
Fast and secure distributed read-only
Kevin Fu, M. Frans Kaashoek, David Mazières, MIT
Internet users increasingly rely on publicly available data for everything from software installation to investment decisions.
Unfortunately, the vast majority of public content on the Internet comes with no integrity or authenticity guarantees. This paper
presents the self-certifying read-only file system, a content distribution system providing secure, scalable access to public,
The read-only file system makes the security of published content independent from that of the distribution infrastructure. In a
secure area (perhaps off-line), a publisher creates a digitally-signed database out of a file system's contents. The publisher then
replicates the database on untrusted content-distribution servers, allowing for high availability. The read-only file system
protocol furthermore pushes the cryptographic cost of content verification entirely onto clients, allowing servers to scale to a
large number of clients. Measurements of an implementation show that an individual server running on a 550 Mhz Pentium III
with FreeBSD can support 1,012 connections per second and 300 concurrent clients compiling a large software package.